Summary: | <app-antivirus/clamav-0.95 Detection bypass (CVE-2008-6680,CVE-2009-{1241,1270}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | antivirus, bernd, net-mail+disabled |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | B3 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 264852, 265545 | | |
Bug Blocks: | | | |
Description
Alex Legler (RETIRED)
2009-04-04 06:56:27 UTC
The ebuild is in the tree.

| *clamav-0.95 (31 Mar 2009)
|
|   31 Mar 2009; Thomas Raschbacher <lordvan@gentoo.org> +clamav-0.95.ebuild:
|   version bump

As always bumping clamav breaks all the other tools like
bugs: 264820 264836

(In reply to comment #1)
> The ebuild is in the tree.

Aww, I should do update-eix. :/

> As always bumping clamav breaks all the other tools like
> bugs: 264820 264836

Should we delay the stabling until these issues are resolved?

fyi 0.95.1 is added too already ..

CVE-2008-6680 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6680):
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.

CVE-2009-1270 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1270):
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted file that causes (1) clamd and (2) clamscan to hang.

Can we close this one and instead just concentrate on bug #265545 (<0.95.1 security issue)

adding blocker here anyway .. mail-clamav not added but only on 0.95.1 sec bug.

shouldn't be affected versions dropped from the tree?

GLSA 200903-04

err, GLSA 200909-04